A prescription for a short-acting drug is entered into the computer as the long-acting version. The order is refilled six times based on the erroneous information.

When converting to electronic records, a doctor’s office omits a patient’s aneurysm history from the active problem list. During a medical procedure several years later, the aneurysm bursts. The specialist has been unaware of the patient’s risk.

Nursing notes for an entire shift vanish after a computer crash, compromising care.

Distressing situations like those described above are happening around the country as health care organizations adopt electronic health records (EHRs) in growing numbers. Although these systems promise to reduce costs and improve quality and safety, they’ve also ushered in unintended consequences as a result of human error, design flaws, and technology glitches.

Recognizing these emerging risks, CRICO—the patient safety and medical malpractice insurer for the Harvard medical community—is taking action. The Massachusetts- based company has expanded its proprietary coding system to capture EHR-related problems that have contributed to patient harm, and to guide the hospitals, physicians, and other providers it serves toward addressing vulnerabilities in their systems.

This new set of codes is part of a complex taxonomy that CRICO has developed over the past 30 years to analyze malpractice claims. CRICO uses this methodology to pinpoint clinical elements that can lead to medical error, to recognize historical and current trends, and to drive successful risk management efforts.

“We need to identify specific vulnerabilities so we can design systems and processes that protect us and our patients from these errors,” says Dana Siegal, RN, CPHRM, director of Patient Safety Services for CRICO Strategies, a division of CRICO that serves a national community of clients.

Computer systems that don’t “talk” to each other, test results that aren't routed properly, and mistakes caused by faulty data entry or copying and pasting...

ehrstatsCRICO identified 147 cases (asserted over a five-year period) in which the EHR was identified as a contributing factor. Computer systems that don’t “talk” to each other, test results that aren’t routed properly, and mistakes caused by faulty data entry or copying and pasting were among the EHR-related problems found in the claims, which represented $61 million in direct payments and legal expenses.

Electronic records are on the rise nationally, thanks partly to the federal HITECH Act of 2009, which authorizes incentive payments to encourage their adoption and “meaningful use.” But the extent of their use varies from provider to provider and state to state.

In 2012, some 44% of U.S. hospitals had at least a basic EHR system (up from 12% in 2009), while 72% of office- based physicians used either an EMR or EHR system (up from 48% in 2009), with considerable variations across the states, according to government sources (see sidebars).

CRICO’s findings, though preliminary, send a clear message: Caregivers need accurate information to make life-saving decisions, and there’s room for improvement in EHR design and implementation, such as adding alerts or expanding user training. As EHR adoption spreads, new vulnerabilities are bound to arise, predicts CRICO chief medical officer and senior vice president Luke Sato, MD. “This analysis is the tip of the iceberg,” he says. “We’re going to find things down the road that we weren’t even thinking of. There’s a lot of work to do.”

Data-Driven Approach

CRICO, a medical professional liability captive insurer, provides claims management, litigation, and educational services to its member owners—including more than 12,000 physicians, 22 hospitals, and 100,000-plus nurses, technicians, and other employees of Harvard-affiliated organizations. Its data-driven strategy involves using evidence to promote patient safety and minimize lawsuits.

A centerpiece of that strategy is a large comparative data- base that CRICO has developed with claims information collected from Harvard affiliates and CRICO Strategies partners around the country. This Comparative Benchmarking System (CBS) features 275,000 open and closed cases from more than 500 hospitals and 125,000 physicians, and it’s a potent tool for analyzing, trending, and targeting remedies. Participating organizations can, for example, use this clinically coded information to evaluate their patient safety performance against other academic and community healthcare systems in the U.S.

“Candello provides us with a significant pool of data for analysis and enables us to stay ahead of the curve and be prepared to collect information when new vulnerabilities or errors begin to emerge,” notes Heather Riah, assistant vice president of operations for Candello. Adds Siegal, “This is exactly why we started focusing on EHR issues. Recognizing that our members and clients were raising more and more concerns, we did some initial research and launched a pilot project.”

The team asked its CRICO and Candello members, “What vulnerabilities are you seeing? What are your risk managers worried about? What are your doctors complaining about?” It used that feedback to draft a set of EHR-specific codes and then tested them in three datasets: CRICO (Harvard users) and two of Strategies’ larger clients, The Doctors Company and Princeton Insurance. Based on those results, CRICO revised and approved 15 new EHR codes that went “live” in January 2013

That means CRICO’s cadre of nurse coders can now identify EHR as a contributing factor to a malpractice claim, instead of using one of the less specific factors available in the past. And they can flag whether the problem involved user issues, system/technology issues, or both. “In some cases,” Sato points out, “the system design sets up humans to make errors.”

Vexing Vulnerabilities

Which EHR vulnerabilities are most troubling? CRICO’s early analysis reveals that incorrect information in the EHR was a factor in 20% (30) of the 147 medical error cases reviewed (sidebar). This might include:

  • Faulty data entry: A patient’s height is 60 inches but is recorded as 60 centimeters, which distorts her body mass index (BMI).
  • Unexpected conversion: The data is entered correctly, but the computer auto-converts it without the user noticing. For example, 2.5 changes to 25, which becomes a medication error when a clinician acts on the higher number.
  • Wrong file or field: A user accidentally opens up the wrong patient file and orders medication or records vital signs for someone else. As Sato explains, “Because of the way EHRs are designed, you can get lost easily and enter information in an incorrect field or for an incorrect patient without realizing it.”
  • Repeated errors: Mistakes in a patient record persist for years without being caught.

“With data entry, whether we’re putting it on paper or into a computer, we are vulnerable to human error,” says Siegal.

Hybrid health record/EHR conversion issues, another vexing vulnerability related to users, were a contributing factor in 16% (24) of the CRICO cases. This happens when paper and electronic records are inconsistent, often during the transition to EHR. A patient’s status can wind up being misinterpreted. For example, a 4-year-old develops a penicillin allergy. It is noted in the paper record at the pediatrician’s office, which is transitioning to an electronic system. A relative who doesn’t know about the allergy takes the child for an urgent care visit in the same healthcare system. The EHR doesn’t yet reflect the new allergy, and a caregiver prescribes penicillin, triggering an allergic reaction.

Technology problems also contribute to medical errors, according to CRICO’s analysis. These include routing failures (test results aren’t sent to the hospital unit where the patient is now located, for instance); computers that go down or help desks that aren’t available; and systems that are incompatible, even within the same facility.

The EHR coding study also found that:

  • Medicine and Nursing were the services most frequently identified. This isn’t surprising, since many of the claims involved the electronic medication record, long in use by these services. OB/GYN and surgery were close behind medicine and nursing.
  • More than half (56%) of the malpractice claims emerged from ambulatory care settings, compared to 31% for inpatient and 13% for emergency departments. Within ambulatory, hospital clinics and physician offices accounted for the vast majority.
  • Half of the 147 cases resulted in severe injury.

“Ultimately, this is about supporting critical decision making,” says Siegal. “In the ambulatory and hospital worlds, we depend on the electronic medical record to give us (the correct) information to make important decisions, such as whether or not to prescribe a drug, which drug, or how best to treat the results of a test.”

CRICO has long appreciated the value of effective EHR systems in advancing the patient safety agenda, Siegal adds. “We believe the EHR will provide a vehicle that protects us from our humanness and promotes improved communication and information exchange among providers.”

Focus on the Future

CRICO leaders plan to collect more data to support the ongoing development of recommendations around EHRs and patient safety, according to Arvind P. Kumar, Chair of the Technology Council for the Alliance for Quality Improvement and Patient Safety. Kumar, who teaches the benefits and pitfalls of electronic records at the Harvard School of Public Health, stresses the need to partner with industry, including EHR vendors, to improve all health information technology. He encourages a more standardized approach to system development that reflects the experience of end users: providers. “The idea,” Kumar says, “is to bring together creators and users to guide the process.”

Looking ahead, Sato envisions a day when electronic records are fully integrated into clinical workflow. In 2012, he led production of a provocative video, Better, Safer Care: Imagining a Medical Record of the Future, which shows a doctor using a tablet that “speaks” during a patient visit. It interacts with both patient and physician, providing essential support such as documenting the encounter, retrieving historical information, and scheduling follow-up appointments and reminders. You can watch the video on CRICO’s website or through YouTube (Sato & Augello, 2012).

Sato advises remembering the why behind the work: “Healthcare organizations are so busy implementing their EHR/EMR systems that they sometimes lose sight of the big picture: that we’re doing this to make healthcare accessible, higher quality, and safer—to help clinicians deliver better care to patients.”

Jonathan Einbinder, MD, assistant vice president for advanced data analytics and coding for CRICO, agrees. “These new EHR codes will help us build a better system by providing a view into how technology may contribute to patient harm. It doesn’t mean that having technology is worse than not having it,” says Einbinder, who practices medicine at Brigham and Women’s Hospital in Boston. “Effective use of well-designed computer systems will absolutely improve care. I’ve worked with paper records, and I wouldn’t want to go back to doing it that way.”


Sato, L., & Augello, T. A. (2012, November 5). CRICO challenges EMR complacency. CRICO. Available at https://www.rmf.harvard.edu/Clinician-Resources/Video/2012/EMR-of-the-future

Garrett, P., & Seidman, J. (2011, January 4). EMR vs EHR—What is the difference? Health IT Buzz. Available at http://www.healthit.gov/buzz-blog/electronic-healthand-medical-records/emr-vs-ehr-difference/

Reprinted from Malpractice Claims Analysis Confirms Risks in EHRs. Patient Safety Qual Healthcare. Jan–Feb 2014:20-23. 

This page is an excerpt of a full issue of Insight.

CRICO Insight Library Home

CME: The Massachusetts Board of Registration in Medicine has endorsed each complete issue of Insights or 30-minutes of podcast episodes as suitable for 0.5 hours of Risk Management Category 1 Study in Massachusetts. You should keep track of these credits the same way you track your Category 2 credits.


Check out these patient safety topics.
Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.